Financial Crime World

Liberia’s Struggle with Data Protection: A Recipe for Financial Crime?

Monrovia, Liberia - The Unpreparedness of Liberia’s Data Protection Regime

In a country where financial crimes have been on the rise, one would expect data protection laws to be in place. However, a review of existing laws suggests that Liberia is woefully unprepared to protect sensitive information and prevent cybercrimes.

Shortcomings in Liberia’s Data Protection Regime

There are several key areas where Liberia’s data protection regime falls short:

Lack of Clear Definition of Personal Data

  • There is no clear definition of personal data or sensitive personal data in Liberian law.
  • This lack of clarity makes it difficult for individuals and organizations to understand what type of information requires protection.

No Dedicated National Data Protection Agency

  • Liberia does not have a dedicated national data protection agency or authority.
  • While the country has signed onto international agreements such as the ECOWAS Supplemental Act, which requires member states to establish a National Data Authority, this requirement remains unfulfilled.

Insufficient Registration Requirements and Oversight

  • Entities that collect and process personal data are required to register with relevant government authorities.
  • However, there is no publicly designated Data Protection Officer (DPO) in Liberia, making it unclear who is responsible for overseeing the protection of sensitive information.

Inadequate Breach Notification Requirements

  • There is no mandatory requirement for organizations to notify affected individuals or authorities in the event of a data breach.
  • While private actions can be brought through the courts, this process can be time-consuming and may not provide adequate compensation for victims of cybercrimes.

Challenges in Enforcement

  • Private rights of action are available, but administrative sanctions for violating customer privacy by divulging confidential information without authorization remain limited.

Recommendations to Strengthen Data Protection Regime

To address these challenges, experts recommend that Liberia:

Establish a Clear Definition of Personal Data and Sensitive Personal Data

  • Define what type of information requires protection.
  • Provide clarity on how to ensure the security, integrity, and confidentiality of personal data.

Designate a DPO

  • Appoint a public officer responsible for overseeing the protection of sensitive information.
  • Ensure that the DPO has adequate resources and authority to effectively perform their duties.

Implement Breach Notification Requirements

  • Mandate organizations to notify affected individuals or authorities in the event of a data breach.
  • Provide clear guidelines on how to report and respond to data breaches.

Provide Adequate Resources for Enforcement Agencies

  • Ensure that enforcement agencies have adequate resources and authority to effectively investigate and prosecute financial crimes.